Kaspersky: The ITU, not Interpol, is our 'weapon'

Kaspersky Lab's eponymous founder tells journalists in Moscow that the International Telecommunication Union is vital in fighting cyber crime. By Mark Mayne.

Eugene Kaspersky has called for wider acknowledgement of the ITU and its role in battling international cyber crime.

Speaking to press in Moscow to mark the company's 15th anniversary, the charismatic chief executive of Kaspersky Lab said: “Interpol simply isn't ready to take on international cyber crime, although change is afoot which may change this position. The ITU is the weapon we have, and we must use it.”

Kaspersky took to the stage with his usual style and panache, complaining of a hectic international schedule of government-level meetings over the previous few days.

“There is much more government-level interest in cyber security, as the threat of global cyber war or cyber terror becomes more likely. One truism we have to deal with is that as systems become more complex, they have more and more vulnerabilities,” he told the assembled journalists, who between them represented 16 countries for this press conference in the Russian capital.

“Although recent discoveries such as Flame have been extremely complex, this level of complexity isn't necessarily the hallmark of cyber espionage – it can also be very simple,” Kaspersky continued.

Burning issue
This passing mention was all that was publicly said on the topic of Flame, the military-grade espionage malware that the company alerted the world to only recently.

In a series of briefings earlier this year, Kaspersky analysts told world media that the code structure was incredibly complex, and had so many similarities with previous spying malware Stuxnet and Duku that it was certain that the same team, or at least parallel developer teams, had built all three viruses.

Outside the central tracks of the conference, a senior Kaspersky analyst confirmed that further analysis of Flame is still ongoing, and that everything points to the code being at least six years old.

“The big fear is that these military-grade digital weapons will fall into criminal hands,” he elaborated. “Copying the code and creating extremely powerful malware to attack businesses would be quite easy, and would be quite a headache.”

Back inside the auditorium, Kaspersky Lab's Stefan Tanase, senior security researcher EEMEA (Eastern Europe, Middle East and Africa) at the company's Global Research & Analysis Team, issued a rallying call to businesses. “Things will only start changing once businesses understand and start demanding security specifically,” he said, claiming that developers “just care about getting the job done” and aren't necessarily striving for the most secure codebase.

“Security should come as a requirement of the business,” Tanase continued. “Things will not change until businesses begin demanding better security – it is not up to the consumer to push for this.”

He also pointed out that the rocketing volume of malware has not abated, and that popular free software, such as Oracle Java and Adobe Flash, make up the bulk of regular vulnerability attack vectors (42 and 33 per cent respectively). One recent vulnerability in Java went unpatched for 49 days, according to Tanase.

He also talked up the potential vulnerabilities in Apple's Mac OS X, pointing out that a lot of education is still required to convince Mac users to use security software – Kaspersky Lab has offered a Mac-specific AV product for some years.

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.